diff options
author | Mark H Weaver <mhw@netris.org> | 2018-05-17 01:00:50 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2018-05-17 01:00:50 -0400 |
commit | 539bf8f2c071b53834829259bb3fabf0390c5dc6 (patch) | |
tree | 16672732afbf4c3f933e67ac677aa1877f6a7657 /gnu/packages/patches | |
parent | 903874328ed5e5ab766e36cee1b1a0989e8b24a9 (diff) | |
parent | 2cf8531f360ef390d3ec670cc150b106bab5eff1 (diff) |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/adb-add-libraries.patch | 30 | ||||
-rw-r--r-- | gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch | 98 | ||||
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch (renamed from gnu/packages/patches/icecat-bug-1452075.patch) | 0 | ||||
-rw-r--r-- | gnu/packages/patches/libutils-add-includes.patch | 11 | ||||
-rw-r--r-- | gnu/packages/patches/libutils-remove-damaging-includes.patch | 21 | ||||
-rw-r--r-- | gnu/packages/patches/libziparchive-add-includes.patch | 10 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2017-17858.patch | 111 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2018-1000051.patch | 88 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2018-6544.patch | 109 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch | 27 | ||||
-rw-r--r-- | gnu/packages/patches/myrepos-CVE-2018-7032.patch | 69 | ||||
-rw-r--r-- | gnu/packages/patches/python-statsmodels-fix-tests.patch | 28 | ||||
-rw-r--r-- | gnu/packages/patches/wesnoth-fix-std-bad-cast.patch | 67 |
13 files changed, 239 insertions, 430 deletions
diff --git a/gnu/packages/patches/adb-add-libraries.patch b/gnu/packages/patches/adb-add-libraries.patch new file mode 100644 index 0000000000..b014832f62 --- /dev/null +++ b/gnu/packages/patches/adb-add-libraries.patch @@ -0,0 +1,30 @@ +--- a/adb/Android.mk 2018-04-25 23:23:29.527198350 +0200 ++++ b/adb/Android.mk 2018-04-25 23:24:25.558632573 +0200 +@@ -226,7 +226,7 @@ + LOCAL_SRC_FILES := test_track_devices.cpp + LOCAL_SANITIZE := $(adb_host_sanitize) + LOCAL_SHARED_LIBRARIES := libbase +-LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils ++LOCAL_STATIC_LIBRARIES := libadb libbase libcrypto_static libcutils + LOCAL_LDLIBS += -lrt -ldl -lpthread + include $(BUILD_HOST_EXECUTABLE) + endif +@@ -278,6 +278,7 @@ + LOCAL_SANITIZE := $(adb_host_sanitize) + LOCAL_STATIC_LIBRARIES := \ + libadb \ ++ libcutils \ + libbase \ + libcrypto_static \ + libdiagnose_usb \ +--- a/adb/sysdeps_test.cpp 2018-05-09 23:58:46.583163684 +0200 ++++ b/adb/sysdeps_test.cpp 2018-05-09 23:56:41.356544648 +0200 +@@ -17,6 +17,8 @@ + #include <gtest/gtest.h> + #include <unistd.h> + #include <atomic> ++#include <climits> ++#include <mutex> + + #include "adb_io.h" + #include "sysdeps.h" diff --git a/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch b/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch new file mode 100644 index 0000000000..df74bdbaba --- /dev/null +++ b/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch @@ -0,0 +1,98 @@ +From 3dbdc68093e90f0ef9b77b70490d8e0b1dcfbf8f Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Sun, 17 Sep 2017 21:08:45 +0200 +Subject: [PATCH] Add ExceptionUtilsGenerator.java. + +A gradle task (in gradle/utils.gradle) is normally used to generate an +ExceptionUtils class. Since gradle depends on groovy, we cannot use it, so +we copy the code from the gradle task to a new file. Running this file then +generates the required class. +--- + .../codehaus/groovy/ExceptionUtilsGenerator.java | 75 ++++++++++++++++++++++ + 1 file changed, 75 insertions(+) + create mode 100644 config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java + +diff --git a/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java b/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java +new file mode 100644 +index 0000000..41f006d +--- /dev/null ++++ b/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java +@@ -0,0 +1,75 @@ ++package org.codehaus.groovy; ++ ++import org.objectweb.asm.*; ++ ++import java.io.BufferedOutputStream; ++import java.io.File; ++import java.io.FileOutputStream; ++import java.io.IOException; ++import java.util.logging.Logger; ++ ++public class ExceptionUtilsGenerator implements Opcodes { ++ private final static Logger LOGGER = Logger.getLogger(ExceptionUtilsGenerator.class.getName()); ++ ++ public static void main(String... args) { ++ if (args==null || args.length==0) { ++ throw new IllegalArgumentException("You must specify at least one file"); ++ } ++ ++ ClassWriter cw = new ClassWriter(0); ++ MethodVisitor mv; ++ ++ cw.visit(V1_5, ACC_PUBLIC + ACC_SUPER, "org/codehaus/groovy/runtime/ExceptionUtils", null, "java/lang/Object", null); ++ ++ cw.visitSource("ExceptionUtils.java", null); ++ ++ mv = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null); ++ mv.visitCode(); ++ Label l0 = new Label(); ++ mv.visitLabel(l0); ++ mv.visitLineNumber(18, l0); ++ mv.visitVarInsn(ALOAD, 0); ++ mv.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V"); ++ mv.visitInsn(RETURN); ++ Label l1 = new Label(); ++ mv.visitLabel(l1); ++ mv.visitLocalVariable("this", "Lorg/codehaus/groovy/runtime/ExceptionUtils;", null, l0, l1, 0); ++ mv.visitMaxs(1, 1); ++ mv.visitEnd(); ++ ++ mv = cw.visitMethod(ACC_PUBLIC + ACC_STATIC, "sneakyThrow", "(Ljava/lang/Throwable;)V", null, null); ++ mv.visitCode(); ++ Label l2 = new Label(); ++ mv.visitLabel(l2); ++ mv.visitLineNumber(20, l2); ++ mv.visitVarInsn(ALOAD, 0); ++ mv.visitInsn(ATHROW); ++ Label l3 = new Label(); ++ mv.visitLabel(l3); ++ mv.visitLocalVariable("e", "Ljava/lang/Throwable;", null, l2, l3, 0); ++ mv.visitMaxs(1, 1); ++ mv.visitEnd(); ++ ++ cw.visitEnd(); ++ ++ LOGGER.info("Generating ExceptionUtils"); ++ byte[] bytes = cw.toByteArray(); ++ for (String classFilePath : args) { ++ File classFile = new File(classFilePath); ++ if (classFile.getParentFile().exists() || classFile.getParentFile().mkdirs()) { ++ try { ++ if (classFile.exists()) { ++ classFile.delete(); ++ } ++ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(classFile)); ++ bos.write(bytes); ++ bos.close(); ++ } catch (IOException e) { ++ LOGGER.warning("Unable to write file "+classFile); ++ } ++ } else { ++ LOGGER.warning("Unable to create directory "+classFile.getParentFile()); ++ } ++ } ++ } ++} +-- +2.14.1 + diff --git a/gnu/packages/patches/icecat-bug-1452075.patch b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch index b776640133..b776640133 100644 --- a/gnu/packages/patches/icecat-bug-1452075.patch +++ b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch diff --git a/gnu/packages/patches/libutils-add-includes.patch b/gnu/packages/patches/libutils-add-includes.patch new file mode 100644 index 0000000000..354c59b735 --- /dev/null +++ b/gnu/packages/patches/libutils-add-includes.patch @@ -0,0 +1,11 @@ +--- a/libutils/CallStack.cpp 2018-04-25 20:13:06.348665241 +0200 ++++ b/libutils/CallStack.cpp 2018-04-25 20:13:18.360510763 +0200 +@@ -17,7 +17,7 @@ + #define LOG_TAG "CallStack" + + #include <memory> +- ++#include <cstdlib> + #include <utils/CallStack.h> + #include <utils/Printer.h> + #include <utils/Errors.h> diff --git a/gnu/packages/patches/libutils-remove-damaging-includes.patch b/gnu/packages/patches/libutils-remove-damaging-includes.patch new file mode 100644 index 0000000000..7867dd3b80 --- /dev/null +++ b/gnu/packages/patches/libutils-remove-damaging-includes.patch @@ -0,0 +1,21 @@ +--- a/include/utils/StrongPointer.h 2018-04-25 18:42:34.321003602 +0200 ++++ b/include/utils/StrongPointer.h 2018-04-25 18:42:42.180912201 +0200 +@@ -17,8 +17,6 @@ + #ifndef ANDROID_STRONG_POINTER_H + #define ANDROID_STRONG_POINTER_H + +-#include <cutils/atomic.h> +- + #include <stdint.h> + #include <sys/types.h> + #include <stdlib.h> +--- a/libutils/Trace.cpp 2018-04-25 20:41:48.775049786 +0200 ++++ b/libutils/Trace.cpp 2018-04-25 20:42:13.674744182 +0200 +@@ -21,5 +21,7 @@ + + static void traceInit() + { ++#if defined(__ANDROID__) + ::android::add_sysprop_change_callback(atrace_update_tags, 0); ++#endif + } diff --git a/gnu/packages/patches/libziparchive-add-includes.patch b/gnu/packages/patches/libziparchive-add-includes.patch new file mode 100644 index 0000000000..41137105a0 --- /dev/null +++ b/gnu/packages/patches/libziparchive-add-includes.patch @@ -0,0 +1,10 @@ +--- a/libziparchive/zip_writer.cc 2018-04-25 22:33:05.472674164 +0200 ++++ b/libziparchive/zip_writer.cc 2018-04-25 22:33:21.296519518 +0200 +@@ -22,6 +22,7 @@ + + #include <sys/param.h> + ++#include <cstring> + #include <cassert> + #include <cstdio> + #include <memory> diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch deleted file mode 100644 index 66df127509..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-17858.patch +++ /dev/null @@ -1,111 +0,0 @@ -Fix CVE-2017-17858: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858 -https://bugs.ghostscript.com/show_bug.cgi?id=698819 -https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 - -From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Mon, 11 Dec 2017 14:09:15 +0100 -Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below - limit. - -This ensures that: - * xref tables with objects pointers do not grow out of bounds. - * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf. ---- - include/mupdf/pdf/object.h | 3 +++ - source/pdf/pdf-repair.c | 5 +---- - source/pdf/pdf-xref.c | 21 ++++++++++++--------- - 3 files changed, 16 insertions(+), 13 deletions(-) - -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 21ed8595..4177112b 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -3,6 +3,9 @@ - - typedef struct pdf_document_s pdf_document; - -+/* Defined in PDF 1.7 according to Acrobat limit. */ -+#define PDF_MAX_OBJECT_NUMBER 8388607 -+ - /* - * Dynamic objects. - * The same type of objects as found in PDF and PostScript. -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index ca149bd3..0c29758e 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -6,9 +6,6 @@ - - /* Scan file for objects and reconstruct xref table */ - --/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */ --#define MAX_OBJECT_NUMBER (10 << 20) -- - struct entry - { - int num; -@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - break; - } - -- if (num <= 0 || num > MAX_OBJECT_NUMBER) -+ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER) - { - fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen); - goto have_next_token; -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 00586dbd..6284e70b 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR); - } - -- if (ofs < 0) -- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs); -- if (ofs > INT64_MAX - len) -- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big"); -- -+ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER -+ || len < 0 || len > PDF_MAX_OBJECT_NUMBER -+ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER) -+ { -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); -+ } - /* broken pdfs where size in trailer undershoots entries in xref sections */ - if (ofs + len > xref_len) - { -@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) -- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); -- //if (i0 + i1 > pdf_xref_len(ctx, doc)) -- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); -+ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); - - table = pdf_xref_find_subsection(ctx, doc, i0, i1); - for (i = i0; i < i0 + i1; i++) -@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc) - /* TODO: reuse free object slots by properly linking free object chains in the ofs field */ - pdf_xref_entry *entry; - int num = pdf_xref_len(ctx, doc); -+ -+ if (num > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf"); -+ - entry = pdf_get_incremental_xref_entry(ctx, doc, num); - entry->type = 'f'; - entry->ofs = -1; --- -2.16.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch deleted file mode 100644 index bb78c46f80..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch +++ /dev/null @@ -1,88 +0,0 @@ -Fix CVE-2018-1000051: - -https://bugs.ghostscript.com/show_bug.cgi?id=698873 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000051 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;a=commit;h=321ba1de287016b0036bf4a56ce774ad11763384 - -From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Tue, 19 Dec 2017 23:47:47 +0100 -Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces. - -Previously the borrowed colorspace was dropped when updating annotation -appearances, leading to use after free warnings from valgrind/ASAN. ---- - source/pdf/pdf-appearance.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c -index 70f684f4..d7a1dddd 100644 ---- a/source/pdf/pdf-appearance.c -+++ b/source/pdf/pdf-appearance.c -@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_matrix page_ctm; - - pdf_page_transform(ctx, annot->page, NULL, &page_ctm); -@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_try(ctx) - { - char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents)); - char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA)); -+ fz_colorspace *cs; - fz_point pos; - fz_rect rect; - -@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_drop_display_list(ctx, dlist); - font_info_fin(ctx, &font_rec); - fz_drop_text(ctx, text); -- fz_drop_colorspace(ctx, cs); - } - fz_catch(ctx) - { -@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_path *path = NULL; - fz_buffer *fzbuf = NULL; - fz_matrix page_ctm; -@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_var(fzbuf); - fz_try(ctx) - { -@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_rect logo_bounds; - fz_matrix logo_tm; - fz_rect rect; -+ fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */ - - pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect); - rect = annot_rect; -@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds); - center_rect_within_rect(&logo_bounds, &rect, &logo_tm); - fz_concat(&logo_tm, &logo_tm, &page_ctm); -- cs = fz_device_rgb(ctx); /* Borrowed reference */ - fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL); - - get_font_info(ctx, doc, dr, da, &font_rec); --- -2.16.3 - diff --git a/gnu/packages/patches/mupdf-CVE-2018-6544.patch b/gnu/packages/patches/mupdf-CVE-2018-6544.patch deleted file mode 100644 index b2c8f849f3..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2018-6544.patch +++ /dev/null @@ -1,109 +0,0 @@ -Fix CVE-2018-6544: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6544 -https://bugs.ghostscript.com/show_bug.cgi?id=698830 -https://bugs.ghostscript.com/show_bug.cgi?id=698965 - -Patches copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d -https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 - -From b03def134988da8c800adac1a38a41a1f09a1d89 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Thu, 1 Feb 2018 16:36:14 +0100 -Subject: [PATCH] Bug 698830: Avoid recursion when loading object streams - objects. - -If there were indirect references in the object stream dictionary and -one of those indirect references referred to an object inside the object -stream itself, mupdf would previously enter recursion only bounded by the -exception stack. After this commit the object stream is checked if it is -marked immediately after being loaded. If it is marked then we terminate -the recursion at this point, if it is not marked then mark it and -attempt to load the desired object within. We also take care to unmark -the stream object when done or upon exception. ---- - source/pdf/pdf-xref.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 723b543c..ed09094c 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1576,6 +1576,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i - { - objstm = pdf_load_object(ctx, doc, num); - -+ if (pdf_obj_marked(ctx, objstm)) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup"); -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, objstm); -+ fz_rethrow(ctx); -+ } -+ -+ fz_try(ctx) -+ { -+ pdf_mark_obj(ctx, objstm); -+ - count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N)); - first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First)); - -@@ -1655,6 +1668,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i - fz_drop_stream(ctx, stm); - fz_free(ctx, ofsbuf); - fz_free(ctx, numbuf); -+ pdf_unmark_obj(ctx, objstm); - pdf_drop_obj(ctx, objstm); - } - fz_catch(ctx) --- -2.16.3 - -From 26527eef77b3e51c2258c8e40845bfbc015e405d Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Mon, 29 Jan 2018 02:00:48 +0100 -Subject: [PATCH] Bug 698830: Don't drop unkept stream if running out of error - stack. - -Under normal conditions where fz_keep_stream() is called inside -fz_try() we may call fz_drop_stream() in fz_catch() upon exceptions. -The issue comes when fz_keep_stream() has not yet been called but is -dropped in fz_catch(). This happens in the PDF from the bug when -fz_try() runs out of exception stack, and next the code in fz_catch() -runs, dropping the caller's reference to the filter chain stream! - -The simplest way of fixing this it to always keep the filter chain -stream before fz_try() is called. That way fz_catch() may drop the -stream whether an exception has occurred or if the fz_try() ran out of -exception stack. ---- - source/pdf/pdf-stream.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c -index c89da5c4..c6ba7ad3 100644 ---- a/source/pdf/pdf-stream.c -+++ b/source/pdf/pdf-stream.c -@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob - *orig_gen = 0; - } - -- fz_var(chain); -+ chain = fz_keep_stream(ctx, chain); - - fz_try(ctx) - { - len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length)); - -- /* don't close chain when we close this filter */ -- chain2 = fz_keep_stream(ctx, chain); -+ chain2 = chain; - chain = NULL; - chain = fz_open_null(ctx, chain2, len, offset); - --- -2.16.3 - diff --git a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch deleted file mode 100644 index d5c9c60242..0000000000 --- a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch +++ /dev/null @@ -1,27 +0,0 @@ -Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest -release series and contains many important bug fixes. - -Patch adapted from Debian: - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745246 - -And related to this upstream commit: - -http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da - -diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c -index 65699ba..ea84778 100644 ---- a/source/fitz/load-jpx.c -+++ b/source/fitz/load-jpx.c -@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w - - #else /* HAVE_LURATECH */ - --#define OPJ_STATIC --#define OPJ_HAVE_INTTYPES_H --#if !defined(_MSC_VER) || _MSC_VER >= 1600 --#define OPJ_HAVE_STDINT_H --#endif - #define USE_JPIP - - #include <openjpeg.h> diff --git a/gnu/packages/patches/myrepos-CVE-2018-7032.patch b/gnu/packages/patches/myrepos-CVE-2018-7032.patch new file mode 100644 index 0000000000..ce9493e5f9 --- /dev/null +++ b/gnu/packages/patches/myrepos-CVE-2018-7032.patch @@ -0,0 +1,69 @@ +http://source.myrepos.branchable.com/?p=source.git;a=patch;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8 +This can be removed with the next release. It was modified slightly to apply + +From 40a3df21c73f1bb1b6915cc6fa503f50814664c8 Mon Sep 17 00:00:00 2001 +From: Paul Wise <pabs3@bonedaddy.net> +Date: Sun, 11 Feb 2018 21:57:49 +0800 +Subject: [PATCH] Mitigate vulnerabilities caused by some git remotes being + able to execute code + +Set GIT_PROTOCOL_FROM_USER=0 with git versions newer than 2.12. + +Prevent remote websites from causing cloning of local repositories. + +Manually whitelist known-safe protocols (http, https, git, ssh) +when using git versions older than 2.12. + +Fixes: CVE-2018-7032 +Fixes: https://bugs.debian.org/840014 +Suggestions-by: Jakub Wilk <jwilk@jwilk.net> +Reported-by: Jakub Wilk <jwilk@jwilk.net> +--- + webcheckout | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/webcheckout b/webcheckout +index e98da5c..de497ba 100755 +--- a/webcheckout ++++ b/webcheckout +@@ -71,6 +71,16 @@ use Getopt::Long; + use warnings; + use strict; + ++# Mitigate some git remote types being dangerous ++my $git_unsafe = 1; ++my $git_version = `git --version`; ++$git_version =~ s{^git version }{}; ++my ($major, $minor) = split(/\./, $git_version); ++if (int($major) >= 2 && int($minor) >= 12) { ++ $ENV{GIT_PROTOCOL_FROM_USER} = 0; ++ $git_unsafe = 0; ++} ++ + # What to download. + my $url; + +@@ -89,7 +99,17 @@ my $destdir; + + # how to perform checkouts + my %handlers=( +- git => sub { doit("git", "clone", shift, $destdir) }, +- svn => sub { doit("svn", "checkout", shift, $destdir) }, +- bzr => sub { doit("bzr", "branch", shift, $destdir) }, ++ git => sub { ++ my $git_url = shift; ++ # Reject unsafe URLs with older versions of git ++ # that do not already check the URL safety. ++ if ($git_unsafe && $git_url !~ m{^(?:(?:https?|git|ssh):[^:]|(?:[-_.A-Za-z0-9]+@)?[-_.A-Za-z0-9]+:(?!:|//))}) { ++ print STDERR "potentially unsafe git URL, may fail, touch local files or execute arbitrary code\n"; ++ return 1; ++ } ++ # Reject cloning local directories too, webcheckout is for remote repos ++ doit(qw(git -c protocol.file.allow=user clone --), $git_url, $destdir) ++ }, ++ svn => sub { doit(qw(svn checkout --), shift, $destdir) }, ++ bzr => sub { doit(qw(bzr branch --), shift, $destdir) }, + ); +-- +2.11.0 + diff --git a/gnu/packages/patches/python-statsmodels-fix-tests.patch b/gnu/packages/patches/python-statsmodels-fix-tests.patch deleted file mode 100644 index f910b4b5a5..0000000000 --- a/gnu/packages/patches/python-statsmodels-fix-tests.patch +++ /dev/null @@ -1,28 +0,0 @@ -This drops a test that fails with numpy 1.12. - -Upstream bug URL: https://github.com/statsmodels/statsmodels/issues/3541 - ---- a/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:19.947343331 +0000 -+++ b/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:37.759328845 +0000 -@@ -1329,21 +1329,6 @@ - res = mod.fit(start_params=-np.ones(4), method='newton', disp=0)
- assert_(not res.mle_retvals['converged'])
-
--def test_issue_339():
-- # make sure MNLogit summary works for J != K.
-- data = sm.datasets.anes96.load()
-- exog = data.exog
-- # leave out last exog column
-- exog = exog[:,:-1]
-- exog = sm.add_constant(exog, prepend=True)
-- res1 = sm.MNLogit(data.endog, exog).fit(method="newton", disp=0)
-- # strip the header from the test
-- smry = "\n".join(res1.summary().as_text().split('\n')[9:])
-- cur_dir = os.path.dirname(os.path.abspath(__file__))
-- test_case_file = os.path.join(cur_dir, 'results', 'mn_logit_summary.txt')
-- test_case = open(test_case_file, 'r').read()
-- np.testing.assert_equal(smry, test_case[:-1])
--
- def test_issue_341():
- data = sm.datasets.anes96.load()
- exog = data.exog
diff --git a/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch b/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch deleted file mode 100644 index 18328ed018..0000000000 --- a/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 18e5ea50a7136cb3686c5a7c51c111ccce73dc54 Mon Sep 17 00:00:00 2001 -From: Iris Morelle <shadowm@wesnoth.org> -Date: Sun, 6 May 2018 16:10:42 -0300 -Subject: [PATCH] i18n: Blind fix attempt for std::bad_cast being thrown on - Windows - -Several reports on Steam and our forums point at std::bad_cast being -thrown when accessing Preferences and the Multiplayer menu amongst -others. It's possible that the locale configuration on those systems is -not quite right, and compare() and icompare() are able to throw -std::bad_cast when this happens as they both use std::use_facet(). - -Note that much like the macOS/iOS version of icompare(), this stopgap -patch doesn't attempt to provide any form of case-insensitive fallback -and just uses a case-sensitive comparison instead. ---- - src/gettext_boost.cpp | 29 +++++++++++++++++++++++++++-- - 1 file changed, 27 insertions(+), 2 deletions(-) - -diff --git a/src/gettext_boost.cpp b/src/gettext_boost.cpp -index 3cc7690d5ef..fb04ffeea90 100644 ---- a/src/gettext_boost.cpp -+++ b/src/gettext_boost.cpp -@@ -423,7 +423,19 @@ void set_language(const std::string& language, const std::vector<std::string>* / - int compare(const std::string& s1, const std::string& s2) - { - std::lock_guard<std::mutex> lock(get_mutex()); -- return std::use_facet<std::collate<char>>(get_manager().get_locale()).compare(s1.c_str(), s1.c_str() + s1.size(), s2.c_str(), s2.c_str() + s2.size()); -+ -+ try { -+ return std::use_facet<std::collate<char>>(get_manager().get_locale()).compare(s1.c_str(), s1.c_str() + s1.size(), s2.c_str(), s2.c_str() + s2.size()); -+ } catch(const std::bad_cast&) { -+ static bool bad_cast_once = false; -+ -+ if(!bad_cast_once) { -+ ERR_G << "locale set-up for compare() is broken, falling back to std::string::compare()\n"; -+ bad_cast_once = true; -+ } -+ -+ return s1.compare(s2); -+ } - } - - int icompare(const std::string& s1, const std::string& s2) -@@ -433,8 +445,21 @@ int icompare(const std::string& s1, const std::string& s2) - return compare(s1, s2); - #else - std::lock_guard<std::mutex> lock(get_mutex()); -- return std::use_facet<bl::collator<char>>(get_manager().get_locale()).compare( -+ -+ try { -+ return std::use_facet<bl::collator<char>>(get_manager().get_locale()).compare( - bl::collator_base::secondary, s1, s2); -+ } catch(const std::bad_cast&) { -+ static bool bad_cast_once = false; -+ -+ if(!bad_cast_once) { -+ ERR_G << "locale set-up for icompare() is broken, falling back to std::string::compare()\n"; -+ bad_cast_once = true; -+ } -+ -+ // FIXME: not even lazily case-insensitive -+ return s1.compare(s2); -+ } - #endif - } - |